Javascript Injection Attacking method

Interested in javascript injection? Good! It's one of the most fun exploits out there. A couple things you can do with it (depending on how well the admin secured the site) is to set countdowns to 0 (for downloads and stuff), change gender to 'Alien' or whatever you want (on your profile), and other fun stuff.

I'm not going to go in to very much detail with this because last time I did that I accidently deleted my article and I don't feel like doing it all over again. Let's look at a basic input and learn what we can do to change it:

<form name"buy" method="POST" action="">
<input type="hidden" name="item" value="book">
<input type="hidden" name="price" value="20.00">
</form>

<form name="buy" method="POST" action="">
<input type="hidden" name="item" value="laptop">
<input type="hidden" name="price" value="999.99">
</form>

Okay, let's say this is a shopping form. I have actually seen something very similar to this, only you got hosting with it. So, you probably know that computer arrays start at 0. You usually enter javascript injection to the url bar, so let's look at how to set the price of the laptop to $0.00!

javascript:void(document.forms[1].price.value="0.00");

Now, the javascript: part means we are entering javascript (obviously), the void function means we are changing something. We then type document. to say it's on this page, or we are editing something on this page. Then, when we get to the forms
part, we are choosing which form to edit. Since we said forms[1], we are editing the second one. We then select by name which input we want to change and put the name there (we are using price.) then we are going to set the value of it (since that's where the price is). So we say value="0.00" to set it to $0.00.

Isn't that lovely? You can also edit cookies like this:

javascript:void(document